I used to think that HN is full of enlightened open minded people who are open to correcting misconceptions if presented with new evidence, and adopting better practices.

But I have encountered a lot of groupthink, brigading downvotes etc. So I stopped having high expectations over the years.

In the case of Wordpress plugins, it’s bloody obvious that loading arbitrary PHP code in your site is insecure. And with npm plugins, same thing.

Over the years, I tried to suggest basic things… pin versions; require M of N signatures by auditors on any new versions. Those are table stakes.

How about moving to decentralized networks, removing SSH entirely, having a cryptocurrency that allows paying for resources? Making the substrate completely autonomous and secure by default? All downvoted. Just the words “decentralized” and “token” already make many people do TLDR and downvote. They hate tokens that much, regardless of their necessity to decentralized systems.

So I kind of gave up trying to win any approval, I just build quietly and release things. They have to solve all these problems. These problems are extremely solvable. And if we don’t solve them as an industry, there’s going to be chaos and it’s going to be very bad.